[OpenSIPS-Devel] Compilation issues

Bogdan-Andrei Iancu bogdan at opensips.org
Wed May 29 10:29:24 EDT 2019


Thanks Dan,

Fixes are pushed, hopefully we managed to get rid of them. If you could 
give it a try please.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 2019
   https://www.opensips.org/events/Summit-2019Amsterdam/

On 05/28/2019 11:57 AM, Dan Pascu wrote:
> On 32 bit systems I noticed the following warnings when compiling which I think indicate that 32 bit systems can crash with an illegal memory access:
>
> -------------------------------------------------------
>
> ucontact.c: In function ‘ucontact_coords_cmp’:
> ucontact.c:1036:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
>    a = (ucontact_sip_coords *)_a;
>        ^
> ucontact.c:1037:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
>    b = (ucontact_sip_coords *)_b;
>        ^
> In file included from ../../resolve.h:45,
>                   from ../../proxy.h:75,
>                   from ucontact.h:44,
>                   from ucontact.c:34:
> ucontact.c: In function ‘free_ucontact_coords’:
> ucontact.c:1049:12: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
>     shm_free((ucontact_sip_coords *)coords);
>              ^
> ../../mem/shm_mem.h:513:38: note: in definition of macro ‘shm_free’
>   #define shm_free( _ptr ) _shm_free( (_ptr), \
>                                        ^~~~
>
> dlist.c: In function ‘delete_ucontact_from_coords’:
> dlist.c:1216:34: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
>     if (cdb_delete_ucontact_coords((ucontact_sip_coords *)ct_coords)) {
>                                    ^
> -------------------------------------------------------
>
> The variables in question are of type ucontact_coords which is a 64 bit integer. Whenever that type is cast into a pointer it will be truncated to 32 bits on 32 bit platforms which can result in illegal memory access. I have not yet run opensips on a 32 bit system, but I noticed these while compiling it.
>
>
> Next I got this warning when compiling on both 32 and 64 bit systems:
>
> 32 bit warning:
> -------------------------------------------------------------
>
> In file included from /usr/include/string.h:494,
>                   from /usr/include/i386-linux-gnu/sys/un.h:37,
>                   from timeout_process.c:27:
> In function ‘memcpy’,
>      inlined from ‘sockaddr2ip_addr’ at ../../parser/../ip_addr.h:212:4,
>      inlined from ‘timeout_listener_process’ at timeout_process.c:248:6:
> /usr/include/i386-linux-gnu/bits/string_fortified.h:34:10: warning: ‘__builtin_memcpy’ forming offset [17, 24] is out of the bounds [0, 16] of object ‘rtpp_info’ with type ‘struct sockaddr’ [-Warray-bounds]
>     return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
>            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> timeout_process.c: In function ‘timeout_listener_process’:
> timeout_process.c:76:18: note: ‘rtpp_info’ declared here
>    struct sockaddr rtpp_info;
>                    ^~~~~~~~~
> timeout_process.c:235:8: warning: ‘__builtin_memcmp_eq’ reading 16 bytes from a region of size 8 [-Wstringop-overflow=]
>          memcmp(rtpp_lst->addr, s_in6->sin6_addr.s6_addr, 16) == 0)
>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> -------------------------------------------------------------
>
>
> 64 bit warning:
> -------------------------------------------------------------
>
> timeout_process.c: In function ‘timeout_listener_process’:
> timeout_process.c:235:8: warning: ‘__builtin_memcmp_eq’ reading 16 bytes from a region of size 8 [-Wstringop-overflow=]
>          memcmp(rtpp_lst->addr, s_in6->sin6_addr.s6_addr, 16) == 0)
>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> -------------------------------------------------------------
>
> which also seems to indicate accessing memory out of bounds.
>
> The next warnings I only noticed when compiling on 64 bit. Not sure why they do not show up on 32 bit, if the problem depends on architecture or is caused by the slight difference in compilers (I used gcc 8.2.0 on 32 bit and gcc 8.3.0 on 64 bit):
>
> -------------------------------------------------------------
>
> libsms_getsms.c: In function ‘splitascii.isra.1’:
> libsms_getsms.c:286:2: warning: ‘strncpy’ specified bound 500 equals destination size [-Wstringop-truncation]
>    strncpy(sms->ascii,start,sizeof(sms->ascii));
>    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> libsms_getsms.c:302:2: warning: ‘strncpy’ specified bound 31 equals destination size [-Wstringop-truncation]
>    strncpy(sms->sender,start,sizeof(sms->sender));
>    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> libsms_getsms.c:316:3: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation]
>     strncpy(sms->name,start,sizeof(sms->name));
>     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> esl/src/esl.c: In function ‘esl_recv_event’:
> esl/src/esl.c:1406:4: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation]
>      strncpy(handle->last_reply, hval, sizeof(handle->last_reply));
>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> In function ‘esl_send_recv_timed.part.6’,
>      inlined from ‘esl_send_recv_timed’ at esl/src/esl.c:1537:27:
> esl/src/esl.c:1604:5: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation]
>       strncpy(handle->last_sr_reply, hval, sizeof(handle->last_sr_reply));
>       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> In file included from esl/src/esl_config.c:34:
> esl/src/esl_config.c: In function ‘esl_config_open_file’:
> esl/src/include/esl.h:43:37: warning: ‘strncpy’ output may be truncated copying 511 bytes from a string of length 1023 [-Wstringop-truncation]
>   #define esl_copy_string(_x, _y, _z) strncpy(_x, _y, _z - 1)
>                                       ^~~~~~~~~~~~~~~~~~~~~~~
> esl/src/include/esl.h:44:32: note: in expansion of macro ‘esl_copy_string’
>   #define esl_set_string(_x, _y) esl_copy_string(_x, _y, sizeof(_x))
>                                  ^~~~~~~~~~~~~~~
> esl/src/esl_config.c:72:4: note: in expansion of macro ‘esl_set_string’
>      esl_set_string(cfg->path, path);
>      ^~~~~~~~~~~~~~
>
>
> xjab_wlist.c: In function ‘xj_wlist_set_aliases’:
> xjab_wlist.c:473:3: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
>     strncpy(p0, pa, i);
>     ^~~~~~~~~~~~~~~~~~
> xjab_wlist.c:455:34: note: length computed here
>     i = jwl->aliases->proxy->len = strlen(pa);
>                                    ^~~~~~~~~~
>
>
> iniparser.c: In function ‘iniparser_add_entry’:
> iniparser.c:568:4: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
>      strncpy(longkey, sec, len + 1);
>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> iniparser.c:565:17: note: length computed here
>      size_t len = strlen(sec);
>                   ^~~~~~~~~~~
>
>
> rest_methods.c: In function ‘trace_rest_request_cb’:
> rest_methods.c:142:4: warning: ‘strncpy’ specified bound 46 equals destination size [-Wstringop-truncation]
>      strncpy( tparam->local_ip, ip, INET6_ADDRSTRLEN);
>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> rest_methods.c:152:4: warning: ‘strncpy’ specified bound 46 equals destination size [-Wstringop-truncation]
>      strncpy( tparam->remote_ip, ip, INET6_ADDRSTRLEN);
>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> opensipsunix.c: In function ‘main’:
> opensipsunix.c:93:2: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
>    strncpy(from.sun_path, name, strlen(name));
>    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> bdb_recover.c: In function ‘extract_key’:
> bdb_recover.c:487:2: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
>    strncpy(buf, d, len);
>    ^~~~~~~~~~~~~~~~~~~~
> bdb_recover.c:486:8: note: length computed here
>    len = strlen(d);
>          ^~~~~~~~~
> bdb_recover.c:498:5: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
>       strncpy(p, s, len);
>       ^~~~~~~~~~~~~~~~~~
> bdb_recover.c:493:9: note: length computed here
>     len = strlen(s);
>           ^~~~~~~~~
> bdb_recover.c: In function ‘create_table’:
> bdb_recover.c:795:2: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
>    strncpy(tp->name, _s, i);
>    ^~~~~~~~~~~~~~~~~~~~~~~~
> bdb_recover.c:793:4: note: length computed here
>    i=strlen(_s)+1;
>      ^~~~~~~~~~
>
> -------------------------------------------------------------
>
> --
> Dan
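
The two `strncpy` patterns GCC flags in the build log above (bound equal to the destination size, and bound equal to `strlen` of the source), shown as an added example that is not part of the original thread or of the OpenSIPS code base. `terminated_after_strncpy` and `copy_bounded` are hypothetical helper names, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Runs strncpy() with the given bound and reports whether dst ends up
 * NUL-terminated (1) or not (0). Assumes bound <= dstsz.
 * Hypothetical helper, written for this example. */
static int terminated_after_strncpy(char *dst, size_t dstsz,
                                    const char *src, size_t bound)
{
    memset(dst, 'X', dstsz);    /* stand-in for stale buffer contents */
    strncpy(dst, src, bound);
    return memchr(dst, '\0', dstsz) != NULL;
}

/* Hypothetical replacement (not OpenSIPS code): always terminates dst.
 * Returns 0 on a full copy, -1 if src had to be truncated. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dstsz == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);    /* n + 1 includes the terminator */
    return 0;
}

int main(void)
{
    char field[8];              /* constructed 8-byte field */
    int rc;

    /* "specified bound N equals destination size": source fills the field */
    printf("bound == sizeof(dst): terminated=%d\n",
           terminated_after_strncpy(field, sizeof field, "12345678", sizeof field));
    /* "truncated before terminating nul": bound is strlen(src) */
    printf("bound == strlen(src): terminated=%d\n",
           terminated_after_strncpy(field, sizeof field, "abc", strlen("abc")));
    rc = copy_bounded(field, sizeof field, "12345678");
    printf("copy_bounded: rc=%d, dst=\"%s\"\n", rc, field);
    return 0;
}
```
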